CVE-2014-3803Sensitive Information Exposure in Google Chrome

CWE-200Sensitive Information Exposure5 documents4 sources
Severity
4.3MEDIUMNVD
OSV7.8
EPSS
0.7%
top 28.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedMay 21
Latest updateMay 17

Description

The SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT element with a -x-webkit-speech attribute.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDgoogle/chrome35.0.1916.113+79

🔴Vulnerability Details

3
GHSA
GHSA-cq3j-mhjm-j845: The SpeechInput feature in Blink, as used in Google Chrome before 352022-05-17
OSV
oxide-qt vulnerabilities2014-07-23
OSV
CVE-2014-3803: The SpeechInput feature in Blink, as used in Google Chrome before 352014-05-21

📋Vendor Advisories

1
Ubuntu
Oxide vulnerabilities2014-07-23